
TWI807193B - Virtual private network connection method and memory card device using the same - Google Patents


Info

Publication number
TWI807193B
Authority
TW
Taiwan
Prior art keywords
private network
virtual private
memory card
card device
application program
Prior art date
Application number
TW109119922A
Other languages
Chinese (zh)
Other versions
TW202147808A (en
Inventor
汗 巴哈杜爾沙
錫顏 陳
吳毫任
Original Assignee
佳易科技股份有限公司
Priority date
Filing date
Publication date
Application filed by 佳易科技股份有限公司
Priority to TW109119922A (TWI807193B)
Priority to CN202010566100.6A (CN113810352B)
Priority to US16/986,247 (US11539667B2)
Priority to EP20190375.4A (EP3923534A1)
Publication of TW202147808A
Application granted
Publication of TWI807193B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272: Virtual private networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/445: Program loading or initiating
    • G: PHYSICS
    • G16: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H: HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00: ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60: ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • G16H40/67: ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Biomedical Technology (AREA)
  • Bioethics (AREA)
  • Virology (AREA)
  • General Business, Economics & Management (AREA)
  • Epidemiology (AREA)
  • Primary Health Care (AREA)
  • Public Health (AREA)
  • Business, Economics & Management (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Medical Treatment And Welfare Office Work (AREA)
  • Measuring And Recording Apparatus For Diagnosis (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention discloses a virtual private network connection method applied to a memory card device. The connection method comprises the following steps: first, providing a virtual private network application; then loading the virtual private network application into the memory card device; then installing the memory card device in a medical device; then running the virtual private network application and controlling the memory card device to connect to a virtual private network server according to a connection request; and then controlling the memory card device to transmit data generated by the medical device to the virtual private network server. The present invention also discloses a memory card device applying the above connection method.

Description

Virtual private network connection method and memory card device using the method

The present invention relates to a virtual private network connection method, and in particular to a virtual private network connection method applied to a memory card device.

Electronic technology is developing rapidly, and electronic products of all kinds, such as mobile phones, digital cameras, notebook computers, tablet computers and medical equipment, are increasingly widespread. As the functions of electronic products keep increasing and expanding, more and more application programs are used, and the amount of data to be stored grows day by day. In addition to their built-in memory, electronic products also use external memory card devices to expand memory capacity and store more data, electronic files or applications; the electronic files stored in the memory card device can then be modified or deleted as needed, and new data, messages or applications can also be stored in the memory card device.

In addition, an electronic product can be combined with a memory card device that has a wireless transmission function, so that the electronic product can use the wireless transmission memory card device to send the data stored in it wirelessly (for example, over Wi-Fi) and in real time to other external electronic products or to cloud storage space. Taking medical equipment equipped with a wireless transmission memory card device as an example, a user generates medical data about the user's physical state while using the medical equipment; while this medical data is stored in the wireless transmission memory card device, it can also be simultaneously transmitted to other electronic products (such as the mobile phones of the user's relatives and friends) or to cloud network storage space for storage.

However, when an electronic product transmits data to other electronic products or to cloud network storage space through a wireless transmission memory card device, there is a risk of attack by malicious programs and of the data being stolen by a third party. How to ensure that data is transmitted securely is therefore a focus of attention for those working in this field.

One objective of the present invention is to provide a virtual private network connection method in which a medical device logs in to a virtual private network server through a memory card device with a built-in virtual private network application, so that the data generated by the medical device during use is transmitted through the memory card device to the virtual private network server for encryption protection of the data.

Another objective of the present invention is to provide a memory card device that logs in to a virtual private network server by having its virtual private network connection and control module execute a virtual private network application, so that the data stored in the storage module can be transmitted to the virtual private network server for data encryption protection.

Other objectives and advantages of the present invention can be further understood from the technical features disclosed in the present invention.

To achieve one, some or all of the above objectives, or other objectives, the present invention provides a virtual private network connection method applied to a memory card device. The connection method includes the following steps. First, a virtual private network application is provided; then the virtual private network application is loaded into the memory card device; then the memory card device is installed in a medical device; then the virtual private network application is executed and the memory card device is controlled to connect to a virtual private network server according to a connection request; and then the memory card device is controlled to transmit the data generated by the medical device to the virtual private network server.

In an embodiment of the present invention, in the above virtual private network connection method, server connection setting is performed before the step of executing the virtual private network application.

In an embodiment of the present invention, the above server connection setting includes the following steps: performing certificate setting and performing client parameter setting.

In an embodiment of the present invention, the above certificate setting includes generating a server public key certificate (Root CA certificate), a client public key certificate (Client certificate) and a client private key (Client Key).

In an embodiment of the present invention, the above client parameter setting includes server address setting, communication protocol setting, device mode setting, user name and password setting, encryption method setting, and file compression setting.

In an embodiment of the present invention, the above virtual private network connection method further includes the following steps before the virtual private network application is loaded into the memory card device: determining whether the file size of the virtual private network application is less than or equal to a capacity threshold of the memory card device; and, if the file size of the virtual private network application is less than or equal to the capacity threshold, loading the virtual private network application into the memory card device.

In an embodiment of the present invention, the above capacity threshold is one quarter of the capacity of the memory card device.

In an embodiment of the present invention, the above medical device includes an ultrasonic scanner, a ventilator, a fundus camera, a continuous positive airway pressure (CPAP) machine and a light-emitting diode (LED) spectrum analyzer.

To achieve one, some or all of the above objectives, or other objectives, the present invention also provides a memory card device including an I/O interface module, a storage module, and a virtual private network connection and control module. The I/O interface module is electrically connected to a medical device. The storage module stores the data generated by the medical device and also stores a virtual private network application. The virtual private network connection and control module is electrically connected to the I/O interface module and the storage module. When the virtual private network connection and control module executes the virtual private network application and receives a connection request, it connects to a virtual private network server and transmits the data stored in the storage module to the virtual private network server.

In an embodiment of the present invention, the above virtual private network connection and control module includes a processing control unit and a virtual private network connection module. The processing control unit is electrically connected to the I/O interface module and the storage module. The virtual private network connection module is electrically connected to the processing control unit. When the processing control unit executes the virtual private network application and receives a connection request, the processing control unit controls the virtual private network connection module to connect to the virtual private network server, so that the virtual private network connection module transmits the data to the virtual private network server.

In an embodiment of the present invention, the above storage module further stores an operating system, and the processing control unit executes at least one of the operating system and the virtual private network application.

In an embodiment of the present invention, when the above I/O interface module is electrically connected to the medical device, the processing control unit controls the I/O interface module to access data in the storage module.

In an embodiment of the present invention, the above virtual private network connection module includes a communication unit electrically connected to the processing control unit. When the processing control unit executes the virtual private network application and receives a connection request, the processing control unit controls the communication unit to connect to a communication network, so that the virtual private network connection module connects to the virtual private network server through the communication network.

In an embodiment of the present invention, the above communication unit is connected to the communication network by wireless transmission or wired transmission.

In an embodiment of the present invention, the above storage module includes a volatile memory unit and a non-volatile memory unit, and the data and the virtual private network application are stored in the non-volatile memory unit.

In an embodiment of the present invention, the file size of the above virtual private network application is less than or equal to one quarter of the capacity of the non-volatile memory unit.

In an embodiment of the present invention, the above virtual private network application includes server connection setting information, and the server connection setting information includes certificate setting information and client parameter setting information.

In an embodiment of the present invention, the above certificate setting information includes a server public key certificate (Root CA certificate), a client public key certificate (Client certificate) and a client private key (Client Key).

In an embodiment of the present invention, the above client parameter setting information includes server address setting information, communication protocol setting information, device mode setting information, user name and password setting information, encryption method setting information, and file compression setting information.

In an embodiment of the present invention, the above medical device includes an ultrasonic scanner, a ventilator, a fundus camera, a continuous positive airway pressure (CPAP) machine and a light-emitting diode (LED) spectrum analyzer.

In the virtual private network connection method and memory card device of the embodiments of the present invention, the virtual private network application is built into the memory card device, and the memory card device carrying the virtual private network application is installed in the medical device. The medical device thus logs in to the virtual private network server through the memory card device with the built-in virtual private network application, and the data generated by the medical device during use is transmitted through the memory card device to the virtual private network server for encryption protection of the data, so as to prevent the risk of the data being attacked by malicious programs during transmission and of the data being stolen by a third party.

To make the above and other objectives, features and advantages of the present invention easier to understand, preferred embodiments are described in detail below together with the accompanying drawings.

1: Memory card device
11: I/O interface module
12: Storage module
13: Virtual private network connection and control module
121: Volatile memory unit
122: Non-volatile memory unit
131: Processing control unit
132: Virtual private network connection module
100: Medical device
1200: Data
1201: Virtual private network application
1202: Operating system
1320: Communication unit
2: Memory card adapter device
21: I/O interface module
22: Memory card adapter slot
23: Virtual private network connection and control module
220: Memory card
200: Virtual private network server
300: Communication network
S1~S7: Steps

FIG. 1 is a schematic flowchart of a virtual private network connection method according to an embodiment of the present invention.

FIG. 2 is a functional block diagram of a memory card device according to an embodiment of the present invention.

FIG. 3 is a functional block diagram of a memory card adapter device according to an embodiment of the present invention.

The foregoing and other technical contents, features and effects of the present invention will be clearly presented in the following detailed description of a preferred embodiment with reference to the drawings. The directional terms mentioned in the following embodiments, such as up, down, left, right, front or back, refer only to the directions in the attached drawings. The directional terms are therefore used for illustration and not to limit the present invention.

Please refer to FIG. 1, which is a schematic flowchart of a virtual private network connection method according to an embodiment of the present invention. In this embodiment, the virtual private network connection method is applied to a memory card device: a memory card device carrying a virtual private network application is installed in a medical device, and the medical device logs in through the memory card device to a secure and protected virtual private network server, so that the data generated by the medical device during use (for example, medical data about the user's physical state) is encrypted and protected, preventing the risk of the data being attacked by malicious programs while it is sent or received and of the data being stolen by a third party.

As shown in FIG. 1, the virtual private network connection method of this embodiment mainly includes the following steps. First, as shown in step S1, a virtual private network application is provided; that is, the user can first download from the network a virtual private network application developed by any of various developers. In this embodiment, the virtual private network application is, for example, an application developed using Open VPN, but the present invention is not limited thereto.

Next, as shown in step S2, before the virtual private network application is loaded into the memory card device, it is first determined whether the file size of the virtual private network application is less than or equal to the capacity threshold of the memory card device. If the file size of the virtual private network application is greater than the capacity threshold of the memory card device, the virtual private network application is not loaded into the memory card device, and the user needs to look again for a virtual private network application with an appropriate file size. If the file size of the virtual private network application is less than or equal to the capacity threshold of the memory card device, then, as shown in step S3, the virtual private network application is loaded into the memory card device. In this embodiment, the capacity threshold of the memory card device is, for example, one quarter of the total capacity of the memory card device, but the present invention does not limit the capacity threshold of the memory card device, and the threshold can be increased or decreased according to actual needs. Note that the memory card device includes a non-volatile memory unit and a volatile memory unit, and the total capacity of the memory card device referred to above means the total capacity of the non-volatile memory.
In addition, in this embodiment, the memory card device is, for example, a Secure Digital Memory Card (SD card for short) or a Micro SD card, but the present invention does not limit the type and specification of the memory card device.

接著,如步驟S4所示,將搭載有虛擬私人網路應用程式的儲存卡裝置安裝於醫療裝置中。在本實施例中,醫療裝置例如是超音波掃描器(Ultrasonic scanner)、呼吸器(Ventilator)、眼底相機(Fundus camera)、持續性正壓呼吸器(CPAP)或是發光二極體光譜分析儀(LED spectrum analyzer),但本發明並不加以限定醫療裝置的種類。 Next, as shown in step S4, the memory card device loaded with the VPN application program is installed in the medical device. In this embodiment, the medical device is, for example, an Ultrasonic scanner, a Ventilator, a Fundus camera, a Continuous Positive Airway Pressure (CPAP) or an LED spectrum analyzer, but the present invention does not limit the type of medical device.

接著,如步驟S5所示,透過虛擬私人網路應用程式所提供的設定平台來進行伺服器連線設定,伺服器連線設定包括進行憑證設定以及進行客戶端參數設定兩個步驟。在本實施例中,憑證設定包括產生伺服器端公鑰憑證(Root CA certificate)、產生客戶端公鑰憑證(Client certificate)以及產生客戶端私鑰(Client Key),藉由上述所產生的憑證來進行伺服器端與客戶端之間的雙向認證作業。在本實施例中,客戶端參數設定包括伺服器位址設定、通訊協定設定、裝置模式設定、用戶名稱與密碼設定、加密方式設定以及檔案壓縮設定,具體 而言,伺服器位址設定用以提供一個網際網路協定位址(IP Address)來供客戶端使用,通訊協定設定例如是可選擇用戶資料包協定(UDP)或是傳輸控制協定(TCP)兩種通訊協定的其中之一,裝置模式設定可選擇封包(TUN)模式或是資料框(TAP)模式的其中之一,用戶名稱與密碼設定用以讓使用者透過所設定的用戶名稱與密碼登錄到虛擬私人網路伺服器並獲取虛擬私人網路伺服器所提供的資料,加密方式設定可選擇Blow Fish、AES-128、AES-256、Trip-DES cipher BF-CBC等加密方式的其中之一,檔案壓縮設定可選擇開啟或關閉檔案壓縮功能。 Next, as shown in step S5, the server connection setting is performed through the setting platform provided by the virtual private network application program. The server connection setting includes two steps of certificate setting and client parameter setting. In this embodiment, the certificate setting includes generating a server-side public key certificate (Root CA certificate), generating a client-side public key certificate (Client certificate), and generating a client-side private key (Client Key), and performing a two-way authentication operation between the server-side and the client-side by using the above-mentioned generated certificates. In this embodiment, the client parameter setting includes server address setting, communication protocol setting, device mode setting, user name and password setting, encryption mode setting and file compression setting, specifically For example, the server address setting is used to provide an Internet Protocol address (IP Address) for the client to use. The communication protocol setting is, for example, one of two communication protocols, User Datagram Protocol (UDP) or Transmission Control Protocol (TCP). Encryption method setting can choose one of Blow Fish, AES-128, AES-256, Trip-DES cipher BF-CBC and other encryption methods, and file compression setting can choose to enable or disable file compression function.

Next, as shown in step S6, the VPN application program is executed and, according to a connection request, the memory card device is controlled to connect to the VPN server. In this embodiment, after the VPN application program is executed and the connection request is received, the memory card device first connects to a communication network, so that it can reach the VPN server through that network. In addition, in this embodiment, the memory card device also carries an operating system; once the operating system is running, the VPN application program can be operated through the graphical user interface the operating system provides.

Then, as shown in step S7, the memory card device is controlled to transmit the data generated by the medical device to the VPN server, so that the data is protected by encryption. Note that in this embodiment, taking a ventilator as the medical device, the data generated are the real-time data about the user's breathing condition (such as flow, resistance and pressure) that the ventilator produces during use according to the user's breathing, that is, the so-called respiratory parameters. These respiratory parameters include the user's blood oxygen saturation (Oxyhemoglobin Saturation by Pulse Oximetry; SPO2), the current spontaneous tidal volume value and the current number of spontaneous breaths; depending on design requirements, the respiratory parameters may further include positive end expiratory pressure (PEEP), airway resistance (Rexp), expiratory flow (Fexp) and its expiratory flow waveform information, but the present invention is not limited thereto.

The detailed architecture of the memory card device carrying the VPN application program is described further below.

Please refer to FIG. 2, which is a functional block diagram of a memory card device according to an embodiment of the present invention. As shown in FIG. 2, the memory card device 1 of this embodiment includes an I/O interface module 11, a storage module 12 and a VPN connection and control module 13. The I/O interface module 11 is used to electrically connect to the medical device 100. The storage module 12 is used to store the data 1200 generated by the medical device 100, and the storage module 12 also stores a VPN application program 1201. The VPN connection and control module 13 is electrically connected to the I/O interface module 11 and the storage module 12. In this embodiment, when the VPN connection and control module 13 executes the VPN application program 1201 and receives a connection request, the VPN connection and control module 13 connects to the VPN server 200 and transmits the data 1200 stored in the storage module 12 to the VPN server 200.

In this embodiment, the medical device 100 is, for example, an ultrasonic scanner, a ventilator, a fundus camera, a continuous positive airway pressure (CPAP) device or an LED spectrum analyzer, but the present invention does not limit the type of the medical device 100.

As shown in FIG. 2, the VPN connection and control module 13 of this embodiment includes a processing control unit 131 and a VPN connection module 132. The processing control unit 131 is electrically connected to the I/O interface module 11 and the storage module 12. The VPN connection module 132 is electrically connected to the processing control unit 131. In this embodiment, when the processing control unit 131 executes the VPN application program 1201 and receives a connection request, the processing control unit 131 controls the VPN connection module 132 to connect to the VPN server 200, so that the VPN connection module 132 transmits the data 1200 to the VPN server 200.

In this embodiment, when the I/O interface module 11 is electrically connected to the medical device 100, the processing control unit 131 controls the I/O interface module 11 to access the data 1200 in the storage module 12. Taking a ventilator as an example, the data 1200 are the real-time data about the user's breathing condition (such as flow, resistance and pressure) that the ventilator produces during use according to the user's breathing, that is, the so-called respiratory parameters. These respiratory parameters include the user's blood oxygen saturation (Oxyhemoglobin Saturation by Pulse Oximetry; SPO2), the current spontaneous tidal volume value and the current number of spontaneous breaths; depending on design requirements, the respiratory parameters may further include positive end expiratory pressure (PEEP), airway resistance (Rexp), expiratory flow (Fexp) and its expiratory flow waveform information, but the present invention is not limited thereto.

As shown in FIG. 2, the storage module 12 of this embodiment includes a volatile memory unit 121 and a non-volatile memory unit 122. The data 1200 generated by the medical device 100 during use and the VPN application program 1201 are both stored in the non-volatile memory unit 122 of the storage module 12. Note that in this embodiment the file size of the VPN application program 1201 is less than or equal to one quarter of the capacity of the non-volatile memory unit 122, but the present invention does not limit the ratio between the file size of the VPN application program and the capacity of the non-volatile memory unit 122; this ratio can be increased or decreased according to actual requirements.

In this embodiment, the storage module 12 further stores an operating system 1202. Once the operating system 1202 is executed by the processing control unit 131, the VPN application program 1201 can be operated through the graphical user interface provided by the operating system 1202. Note that in this embodiment the VPN application program 1201 includes a set of VPN control codes and the operating system 1202 includes a set of system operation control codes; the processing control unit 131 executes the VPN application program 1201 according to the set of VPN control codes and executes the operating system 1202 according to the set of system operation control codes. In addition, in this embodiment, the operating system 1202 is, for example, any one of Windows, UNIX, Mac OS or Linux, and the present invention does not limit the type of operating system.

In this embodiment, the VPN application program 1201 includes server connection setting information, which in turn includes certificate setting information and client parameter setting information. The certificate setting information includes the server-side public key certificate (Root CA certificate), the client-side public key certificate (Client certificate) and the client-side private key (Client Key). The client parameter setting information includes server address setting information (IP address), communication protocol setting information (UDP or TCP), device mode setting information (tun mode or tap mode), user name and password setting information, encryption method setting information (BlowFish, AES-128, AES-256, Trip-DES cipher BF-CBC) and file compression setting information.
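The settings chosen in step S5 and stored as server connection setting information in the application program 1201 map closely onto an OpenVPN-style client profile. The following added example (not part of the patent; the OpenVPN directive syntax, file names and sample profiles are assumptions, since the page does not name the VPN software) audits such a profile for choices that weaken the tunnel: 64-bit-block ciphers such as BF-CBC, enabled compression, a password stored on the card, and a missing server-certificate check.

```python
import re

# Constructed sample profiles (not from the patent). 192.0.2.10 is a documentation address.
WEAK_PROFILE = """\
client
dev tap
proto udp
remote 192.0.2.10 1194
ca ca.crt
cert client.crt
key client.key
auth-user-pass creds.txt
cipher BF-CBC
comp-lzo
"""

HARDENED_PROFILE = """\
client
dev tun
proto udp
remote 192.0.2.10 1194
remote-cert-tls server
<ca>
(certificate body omitted in this constructed sample)
</ca>
cert client.crt
key client.key
auth-user-pass
cipher AES-256-GCM
comp-lzo no
"""

# Blowfish, DES/3DES, CAST5 and RC2 all use a 64-bit block.
SMALL_BLOCK = re.compile(r"^(BF|DES|CAST5|RC2)-", re.IGNORECASE)
# Arguments to "compress" that do not actually compress payloads.
NO_COMPRESSION = {"stub", "stub-v2", "migrate"}


def parse_profile(text):
    """Map each directive to the list of argument lists it was given.

    Inline <tag>...</tag> blocks are recorded under the tag name and
    their bodies are skipped.
    """
    directives = {}
    inline = None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inline = tag.group(1)
            directives.setdefault(inline, []).append(["[inline]"])
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def audit(text):
    """Return a list of (code, message) findings for one client profile."""
    d = parse_profile(text)
    findings = []
    for item in ("ca", "cert", "key"):
        if item not in d:
            findings.append(("missing-" + item,
                             f"no {item}: two-way certificate authentication is incomplete"))
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append(("server-cert-unchecked",
                         "any certificate issued by the CA is accepted as the server"))
    if any(args for args in d.get("auth-user-pass", [])):
        findings.append(("stored-password",
                         "user name and password are read from a file on the card"))
    ciphers = [a[0] for a in d.get("cipher", []) if a]
    for a in d.get("data-ciphers", []):
        if a:
            ciphers += a[0].split(":")
    if not ciphers:
        findings.append(("cipher-unset",
                         "no cipher directive: pin an AEAD cipher explicitly"))
    for c in ciphers:
        if SMALL_BLOCK.match(c):
            findings.append(("cipher-64bit-block",
                             f"{c} has a 64-bit block; use AES-256-GCM or AES-128-GCM"))
    lzo_on = any(not a or a[0] != "no" for a in d.get("comp-lzo", []))
    compress_on = any(a and a[0] not in NO_COMPRESSION for a in d.get("compress", []))
    if lzo_on or compress_on:
        findings.append(("compression-on",
                         "compression before encryption lets ciphertext length leak plaintext"))
    return findings


if __name__ == "__main__":
    for name, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(name, [code for code, _ in audit(profile)])
```

Because the profile and the client private key live on removable storage, the same audit is worth running against the card image before it is installed in the device.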

As shown in FIG. 2, the VPN connection module 132 of this embodiment includes a communication unit 1320, which is electrically connected to the processing control unit 131. When the processing control unit 131 executes the VPN application program and receives a connection request, the processing control unit 131 controls the communication unit 1320 to connect to the communication network 300, so that the VPN connection module 132 connects to the VPN server 200 through the communication network 300. In this embodiment, the communication unit 1320 is, for example, a network device using a wireless or wired transmission method such as Wi-Fi, GSM or Ethernet, but the present invention does not limit the type of the communication unit 1320.

It is worth mentioning that the architecture of the memory card device 1 described above can be implemented with a field programmable gate array (FPGA) or a very large scale integration (VLSI) circuit.

It is worth mentioning that, besides the memory card device 1 shown in FIG. 2, the concept of the present invention can also be applied to the architecture of the memory card adapter device 2 shown in FIG. 3. When the medical device accepts only memory cards of the Secure Digital (SD card) form factor and cannot accept a Micro SD card, the memory card adapter device 2 shown in FIG. 3 can convert a Micro SD card into a card resembling the SD card form factor: the Micro SD card is inserted into the memory card adapter device 2, and the adapter device 2 holding the Micro SD card is then installed in the medical device. As shown in FIG. 3, the memory card adapter device 2 of this embodiment includes an I/O interface module 21, a memory card adapter slot 22 and a VPN connection and control module 23. The I/O interface module 21 is used to electrically connect to the medical device. The memory card adapter slot 22 accommodates a memory card 220 (for example, a Micro SD card). Once the memory card 220 is inserted into the memory card adapter slot 22, the memory card 220 plays a role in the memory card adapter device 2 similar to that of the storage module 12 of the memory card device 1 shown in FIG. 2; that is, the memory card 220 stores the data generated by the medical device and the VPN application program downloaded by the user. The VPN connection and control module 23 is electrically connected to the I/O interface module 21 and the memory card adapter slot 22. In this embodiment, when the VPN connection and control module 23 executes the VPN application program and receives a connection request, the VPN connection and control module 23 connects to the VPN server and transmits the data stored in the memory card 220 to the VPN server. The remaining technical details of this embodiment are similar to those of the memory card device shown in FIG. 2 and are not repeated here.

To sum up, in the VPN connection method and memory card device of the embodiments of the present invention, the VPN application program is built into the memory card device, and the memory card device carrying the VPN application program is installed in the medical device. The medical device thereby logs in to the VPN server through the memory card device with the built-in VPN application program, and the data generated by the medical device during use is transmitted through the memory card device to the VPN server for encryption protection, so as to guard against the risk of the data being attacked by malicious programs in transit or stolen by a third party.

The above are only preferred embodiments of the present invention and should not be used to limit the scope of its implementation; that is, all simple equivalent changes and modifications made according to the claims and the description of the invention remain within the scope covered by the patent. In addition, no single embodiment or claim of the present invention needs to achieve all of the objects, advantages or features disclosed herein. The abstract and the title serve only to assist patent document searching and are not intended to limit the scope of rights of the present invention. Furthermore, terms such as "first" and "second" in this specification or the claims are used only to name elements or to distinguish different embodiments or ranges, and are not used to set an upper or lower limit on the number of elements.

S1~S7: steps

Claims (20)

1. A virtual private network connection method, applied to a memory card device, the method comprising the following steps: providing a virtual private network application program, wherein the virtual private network application program is compatible with a medical device and a virtual private network server; loading the virtual private network application program into the memory card device; inserting and installing the memory card device in the medical device; executing the virtual private network application program and controlling, according to a connection request, the memory card device to connect to the virtual private network server; and controlling the memory card device to transmit data generated by the medical device to the virtual private network server; wherein the memory card device is a plug-in memory card, or a memory card adapter slot having the plug-in memory card, and the memory card device has a virtual private network connection and control module, such that when the virtual private network connection and control module executes the virtual private network application program and receives the connection request, the virtual private network connection and control module connects to the virtual private network server and transmits the data stored in the memory card device to the virtual private network server.

2. The virtual private network connection method according to claim 1, wherein a server connection setting is performed before the step of executing the virtual private network application program.

3. The virtual private network connection method according to claim 2, wherein the server connection setting comprises the following steps: performing a certificate setting; and performing a client parameter setting.

4. The virtual private network connection method according to claim 3, wherein the certificate setting comprises generating a server-side public key certificate (Root CA certificate), a client-side public key certificate (Client certificate) and a client-side private key (Client Key).

5. The virtual private network connection method according to claim 3, wherein the client parameter setting comprises a server address setting, a communication protocol setting, a device mode setting, a user name and password setting, an encryption method setting and a file compression setting.

6. The virtual private network connection method according to claim 1, further comprising, before loading the virtual private network application program into the memory card device, the following steps: determining whether the file size of the virtual private network application program is less than or equal to a capacity threshold of the memory card device; and if the file size of the virtual private network application program is less than or equal to the capacity threshold, loading the virtual private network application program into the memory card device.

7. The virtual private network connection method according to claim 6, wherein the capacity threshold is one quarter of the capacity of the memory card device.

8. The virtual private network connection method according to claim 1, wherein the medical device comprises an ultrasonic scanner, a ventilator, a fundus camera, a continuous positive airway pressure (CPAP) device and an LED spectrum analyzer.

9. A memory card device, which is a plug-in memory card, or a memory card adapter slot having the plug-in memory card, the memory card device comprising: an I/O interface module, electrically connected to a medical device by being inserted and installed therein; a storage module, used to store data generated by the medical device, the storage module storing a virtual private network application program; and a virtual private network connection and control module, electrically connected to the I/O interface module and the storage module; wherein, when the virtual private network connection and control module executes the virtual private network application program and receives a connection request, the virtual private network connection and control module connects to a virtual private network server and transmits the data stored in the storage module to the virtual private network server; and wherein, before the memory card device is inserted and installed in the medical device through the I/O interface module, the virtual private network application program is loaded into the storage module, and the virtual private network application program is compatible with the medical device and the virtual private network server.

10. The memory card device according to claim 9, wherein the virtual private network connection and control module comprises: a processing control unit, electrically connected to the I/O interface module and the storage module; and a virtual private network connection module, electrically connected to the processing control unit; wherein, when the processing control unit executes the virtual private network application program and receives the connection request, the processing control unit controls the virtual private network connection module to connect to the virtual private network server, so that the virtual private network connection module transmits the data to the virtual private network server.

11. The memory card device according to claim 10, wherein the storage module further stores an operating system, and the processing control unit executes at least one of the operating system and the virtual private network application program.

12. The memory card device according to claim 10, wherein when the I/O interface module is electrically connected to the medical device, the processing control unit controls the I/O interface module to access the data in the storage module.

13. The memory card device according to claim 10, wherein the virtual private network connection module comprises a communication unit electrically connected to the processing control unit, and when the processing control unit executes the virtual private network application program and receives the connection request, the processing control unit controls the communication unit to connect to a communication network, so that the virtual private network connection module connects to the virtual private network server through the communication network.

14. The memory card device according to claim 13, wherein the communication unit connects to the communication network by a wireless transmission method or a wired transmission method.

15. The memory card device according to claim 9, wherein the storage module comprises a volatile memory unit and a non-volatile memory unit, and the data and the virtual private network application program are stored in the non-volatile memory unit.

16. The memory card device according to claim 15, wherein the file size of the virtual private network application program is less than or equal to one quarter of the capacity of the non-volatile memory unit.

17. The memory card device according to claim 9, wherein the virtual private network application program comprises server connection setting information, and the server connection setting information comprises certificate setting information and client parameter setting information.

18. The memory card device according to claim 17, wherein the certificate setting information comprises a server-side public key certificate (Root CA certificate), a client-side public key certificate (Client certificate) and a client-side private key (Client Key).

19. The memory card device according to claim 17, wherein the client parameter setting information comprises server address setting information, communication protocol setting information, device mode setting information, user name and password setting information, encryption method setting information and file compression setting information.

20. The memory card device according to claim 9, wherein the medical device comprises an ultrasonic scanner, a ventilator, a fundus camera, a continuous positive airway pressure (CPAP) device and an LED spectrum analyzer.
TW109119922A 2020-06-12 2020-06-12 Virtual private network connection method and memory card device using the same TWI807193B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
TW109119922A TWI807193B (en) 2020-06-12 2020-06-12 Virtual private network connection method and memory card device using the same
CN202010566100.6A CN113810352B (en) 2020-06-12 2020-06-19 Virtual private network connection method and memory card device using the same
US16/986,247 US11539667B2 (en) 2020-06-12 2020-08-05 Virtual private network connection method and memory card device using same
EP20190375.4A EP3923534A1 (en) 2020-06-12 2020-08-11 Virtual private network connection method and memory card device using same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109119922A TWI807193B (en) 2020-06-12 2020-06-12 Virtual private network connection method and memory card device using the same

Publications (2)

Publication Number Publication Date
TW202147808A TW202147808A (en) 2021-12-16
TWI807193B true TWI807193B (en) 2023-07-01

Family

ID=72046696

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109119922A TWI807193B (en) 2020-06-12 2020-06-12 Virtual private network connection method and memory card device using the same

Country Status (4)

Country Link
US (1) US11539667B2 (en)
EP (1) EP3923534A1 (en)
CN (1) CN113810352B (en)
TW (1) TWI807193B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI760830B (en) * 2020-08-28 2022-04-11 佳易科技股份有限公司 Storage device and medical apparatus using the same
CN118784380B (en) * 2024-09-13 2024-11-12 欢乐互娱(上海)科技股份有限公司 A defense method and system for DDOS attacks

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201445353A (en) * 2013-05-31 2014-12-01 June On Technology Co Ltd A switching device
TW201902183A (en) * 2017-05-26 2019-01-01 瑞昱半導體股份有限公司 Data management circuit with network function and network-based data management method
US20200128000A1 (en) * 2016-05-13 2020-04-23 MobileIron, Inc. Unified vpn and identity based authentication to cloud-based services

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060036854A1 (en) * 2004-08-09 2006-02-16 Chien-Hsing Liu Portable virtual private network device
DE602005017050D1 (en) * 2004-08-24 2009-11-19 Gemalto Sa PERSONAL TOKEN AND METHOD FOR CONTROLLED AUTHENTICATION
US20080071577A1 (en) * 2006-09-14 2008-03-20 Highley Robert D Dual-access security system for medical records
TW201206129A (en) * 2010-07-20 2012-02-01 Gemtek Technology Co Ltd Virtual private network system and network device thereof
US9015824B1 (en) * 2012-01-25 2015-04-21 Google Inc. Allowing a client computing device to securely interact with a private network
US9215075B1 (en) * 2013-03-15 2015-12-15 Poltorak Technologies Llc System and method for secure relayed communications from an implantable medical device
EP2902934B1 (en) * 2014-02-03 2019-04-10 Nxp B.V. Portable Security Device, Method for Securing a Data Exchange and Computer Program Product
US10810157B1 (en) * 2016-09-28 2020-10-20 Amazon Technologies, Inc. Command aggregation for data storage operations
CN107026859A (en) * 2017-03-31 2017-08-08 西安电子科技大学 A kind of safe transmission method of privacy cloud medical data
CN107147668A (en) * 2017-06-08 2017-09-08 上海中兴电力建设发展有限公司 Efficient application formula private security net transmission method and system based on Internet of Things
KR20190121605A (en) * 2018-04-18 2019-10-28 (주)아틀라스네트웍스 Mobile business system with portable VPN equipment for wired / wireless communication access

Also Published As

Publication number Publication date
CN113810352A (en) 2021-12-17
US20210392113A1 (en) 2021-12-16
US11539667B2 (en) 2022-12-27
EP3923534A1 (en) 2021-12-15
TW202147808A (en) 2021-12-16
CN113810352B (en) 2024-02-23
